cleantalk
Vulnerabilities and Security Researches

OpenHook, CVE-2023-5201

CVE, Research URL

CVE-2023-5201

Home page URL

Security reports for OpenHook

Application

OpenHook

Published on
Sep 30, 2023
Research Description
The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.
Affected versions
max 4.3.1.
Status
vulnerable
Previous vulnerability researches
OpenHook (CVE-2023-5201) , Jun 06, 2024
OpenHook (CVE-2025-62120) , Jan 10, 2026
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026